Redirect to https:// not working – bug report

hi,

first off, I apologize for having not responded a question about my previous bug report (identical to this one -- almost :slight_smile: I'll try to be more elaborate this time around )

it was here:

and I really am sorry, please excuse me


this time, I did the same thing:
installed a new server, debian 10, and installed certbot, following exactly the instructions at this page:

and then I ran it,
and checked my virtual host file...
and I found the same "error" (problem)

which is:
in the mydomain-le-ssl.conf file,
after the ENDING "if_module" tag, which starts at the top of the page like this:

"IfModule mod_ssl.c
VirtualHost ip_address:443"

so, under
/VirtualHost
/IfModule

this appears:
IfModule mod_ssl.c
VirtualHost ip_address:80

AND the entire text which exists in
mydomain.conf
is placed here...


and I believe that this is the product of an erratic behavior... somehow...

I guess, apache can be configured in various ways...
the convention I follow is to have two separate files for the
"port-80" normal web connection, and the SSL connection...
like
mydomain.conf and mydomain-le-ssl.conf, respectively...

and in this case, the text (code) from mydomain.conf shouldn't appear in mydomain-le-ssl.conf

nevertheless,
whatever happens, the "port-80" connection's config text
shouldn't appear in a mod_ssl.c tag, right? :slight_smile:

like this...
IfModule mod_ssl.c
VirtualHost ip_address:80


if this is not a bug, I'm sorry... but it really looks like that to me...

and once again, I'm sorry I didn't reply to that question..

Peter

PS:
it is because of this unwanted block of config code in the mydomain-le-ssl.conf file which screws up the "redirect permanent" command line (=makes it not to work)
hence the subject of this report

PS 2: I removed the code "brackets" (?) the less or larger than signs :slight_smile: so that the code would be visible here...

2 Likes

Hello :slightly_smiling_face:

I've actually witnessed this same bug myself in a few help cases I've worked here, but have no definitive answers yet. You are correct that this is not intended behavior. What version of certbot are you running (certbot --version)?

When posting code, you can put it inside a block, like this:

```
code

```

It will then appear like so:

code
3 Likes

That is by far the most perceptive (and possible understated) statement in this topic.
Apache will attempt to run at all costs.
In my experience, it is usually where most of the problems exist.
We should have a look at your entire Apache configuration.

2 Likes

version: 1.17.0

(the same on both servers where I've encountered this)

2 Likes

okay... tell me what exactly you need (i've attached the 2 vhost config files)

once again, this is certbot version 1.17.0,
and I've never had this before


as to the outline of the apache config:

   /etc/apache2/

   apache2.conf
   ports.conf
   mods-enabled/
          *.load
          *.conf
   conf-enabled/
          *.conf
   sites-enabled/
           *.conf

I use "sites-available" and "sites-enabled", in the latter there are symlinks to files in the former... created by apache when "a2ensite" is issued

once the "https" works, I'll uncomment a "redirect permanent" line in the port:80 file (domain.conf)
above the "Directory" block, under the virtual host

NOTE: certbot tends to use redirect engine, at the bottom of the config code block...
BUT, it/she/he :slight_smile: always realizes, in my case, that "there's already a redirection" in the config... so, this part works well and intelligently...

.
.
--- PS / some SPECULATION:

my obvious "guess", if I may:
certbot creates the domain-le-ssl.conf file from domain.conf
so, it seems logical to suppose that the problem happens in
this copy-pasting process...

cause there are 3 "text" blocks...
A: (.conf-file) virtualhost config block for port:80
B: (le-ssl.conf) virtualhost copy-pasted AND modified config block for port:443
C: (le-ssl.conf) virtualhost copy-pasted BUT NOT modified config block below the "good" block... in a wrong (port:443) tag

I'd suppose that the "443" tag is key trace...
cause what happens appears to be NOT:

  1. a copy-paste 2x (instead of one)
  2. a modification -- find & replace

but:

  1. a copy-paste
  2. a modification -- which includes a copy-paste within the file, so there will be a "temporary config-block", above which the "result code block" is being generated

and perhaps this "temporary block" is NOT deleted when it should be...
and it's nicely wrapped up in the appropriate virtualhost tags...
.
.

---- attachments:
vhost.conf.txt (721 Bytes)
vhost-le-ssl.conf.txt (887 Bytes)

2 Likes

Please show the output of:
apachectl -S

2 Likes

Make that:

sudo apachectl -S

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.